Hi there,

Basically not me, but a friend (completely non-technical) got infected with ViperSoftX. His ISP contract is managed by his mom, so she only looked through the mails from the ISP telling them "YOU ARE INFECTED, DO SOMETHING" yesterday, when the ISP cut his internet completely. He did manage to reset all his passwords, and I was able to install the MB Pro 14-day trial in safe mode with networking (through USB tethering). I already have a MB subscription, will upgrade to Plus and might as well buy it for 2 more devices (his and my phone). That then enabled me to restart in normal mode and have all the outbound requests fully blocked (all sent from PowerShell).

What I did:

  • Deep scan with MB in safe mode with networking - quarantined and deleted 90 trojans;
  • Did a quick AdwCleaner by MB;
  • Restarted in normal mode;
  • Used RKill to terminate possible malware processes;
  • Redid a full MB scan where I deleted 40 more malware;
    • It continued sending outbound requests;
  • Used Farbar's tool, x64 version as Admin (please find attached the 2 files as requested - unfortunately, I forgot to export the Malwarebytes Threat Scan logs from his PC, but I will get them tomorrow and upload them - I can vaguely remember some BTC miner trojans, some backdoor malware and a few more nasty adware and malware);
    • Will upload the rest of the logs tomorrow, ETA ~16H from now.
  • Used ESET Online Scanner to do a quick sweep: only found 1, then set it on a punctual sweep in Sys32 and a few more folders I know malware usually hides in, and it found 5 more entries that it instantly purged;
    • This action made the script that was "forcing" PowerShell to send outbound requests stop completely (perhaps deleted?) - it was running every 5 minutes before, and after the punctual sweep nothing was blocked for 10+ minutes;
  • Set all startup options to disabled;
  • Contacted the ISP to tell them the above updates; tomorrow I will check his router's firewall settings and its integrity through another USB tethering session.


Any help would be greatly appreciated!

Thank you,

Best regards,

ViewAccount

Addition.txt FRST.txt


  • Root Admin

The real profile is not loading either, which could mean that profile is damaged:

Loaded Profiles: False <==== ATTENTION (Temporary Profile?)


Though you could spend days working on trying to fix this, the best thing to do is back up the user data to an external USB drive.

Then do a CLEAN install of Windows - even if you don't activate it, Windows will still run most functions and features without activation.


Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic:

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/


Hello there,


Thank you for all your replies and for your time! I think this "ticket" can be closed. As an ending note, I will do a thorough check of the other 2 hard disks to be sure they don't bring any problems into the clean install.


With your guidance, please let me know whether this ticket can be marked as solved by Staff or by the User using "Mark as solution", and if it's ok to mark the reply with "just do a clean install" as the solution.


Thank you again, saved me quite a few neurons!

All the best!


  • Root Admin

We're glad that we were able to assist you.

The following information will help you to keep your computer and data safer as well as improve your overall privacy:

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
     https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download - https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security:

Malwarebytes Browser Guard

uBlock Origin


Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity


Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog - https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
